CVE-2023-45503

{"id": "CVE-2023-45503", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-04-15T20:15:10.777", "references": [{"url": "https://docs.google.com/spreadsheets/d/1AzXspN8oBAJ80YQxfN44bpbOuNzA3PZEccQ6IGQMs5E/edit?usp=sharing", "tags": ["Not Applicable"], "source": "[email protected]"}, {"url": "https://github.com/ally-petitt/CVE-2023-45503?tab=readme-ov-file", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://docs.google.com/spreadsheets/d/1AzXspN8oBAJ80YQxfN44bpbOuNzA3PZEccQ6IGQMs5E/edit?usp=sharing", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/ally-petitt/CVE-2023-45503?tab=readme-ov-file", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Macrob7 Macs CMS 1.1.4f, permite a atacantes remotos ejecutar c\u00f3digo arbitrario, provocar una denegaci\u00f3n de servicio (DoS), escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado para resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints."}], "lastModified": "2025-04-18T18:34:15.530", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:macs_cms_project:macs_cms:1.1.4f:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98B08F9C-C783-4DD6-B23E-5F12488A8DB2"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}